Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c

The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.

ok beck jsing

1 files changed, 2 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 609bfb7e65..2cdcef444c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.294 2022/06/29 20:04:28 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.295 2022/07/02 16:31:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1471,8 +1471,7 @@ SSL_get1_supported_ciphers(SSL *s)
                 if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
                     max_vers))
                         continue;
-                if (!ssl_security(s, SSL_SECOP_CIPHER_SUPPORTED,
-                    cipher->strength_bits, 0, cipher))
+                if (!ssl_security_supported_cipher(s, cipher))
                         continue;
                 if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
                         goto err;